- https://samsapti.dev
Software Developer, Privacy Advocate and Digital Minimalist
- Joined on 2022-05-23
The process inside the container does not run as root, but it still has access to the Docker socket (on our production VM!), unless we opt to use Docker-in-Docker which is also insecure due to the…
Seconded! In that case, and since we're gonna be using VMs, why not set up a dedicated runner VM with rootless Docker? That way, we can avoid it having access to our production Docker socket.
ht…
Wrong email (perhaps a services.restic.mail_to is appropriate?) 😉
I suggest restic@noreply.{{ base_domain }} or backup@noreply.{{ base_domain }} instead. Also, let's keep the syntax style with underscores, so mail_from instead of mail-from.
Please change this line to use spaces instead of tabs, and have it on the same indentation level as the above lines.
This needs to be with a : instead of = like the rest of the variables.
Some suggestions and minor things that need to be fixed, otherwise great work!